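#!/bin/bash

# init host post-reboot
#
# Prepares a CentOS/RHEL host as a Kubernetes node: loads the IPVS kernel
# modules, applies the k8s sysctl profile, installs and configures
# containerd.io, installs kubelet/kubeadm/kubectl from the aliyun mirror and
# enables kubelet. Must run as root (writes under /etc, drives yum/systemctl).
# The kubernetes yum repo is hard-coded to the el7/x86_64 variant.
#
# args:
#   $1: containerd version: 1.4.11
#   $2: kubernetes version: 1.21.6
#   $3: private image registry: hub.atompi.cc
#   $4: private image registry username: demo
#   $5: private image registry password: 123123
#   $6: docker registry mirror (optional, defaults to the value below):
#       pooj3a7i.mirror.aliyuncs.com
#
# NOTE: $5 is a secret on the command line, so it is visible in `ps` and may
# land in shell history; the derived base64 credential is likewise handed to
# add_containerd_config.py via argv. A pull-only registry account limits the
# exposure.
#
# Intentionally no `set -e`: several steps are best-effort by design
# (modprobe of modules the kernel lacks, RHEL-only sysctl keys). The steps
# whose failure leaves the node unusable are checked explicitly with `die`.

#######################################
# Print usage to stderr and exit 2.
#######################################
usage() {
  printf 'Usage: %s <containerd_version> <kubernetes_version> <private_hub> <hub_username> <hub_password> [docker_mirror]\n' "${0##*/}" >&2
  exit 2
}

#######################################
# Print an error to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

(( $# >= 5 )) || usage
containerd_version=$1
kubernetes_version=$2
private_hub=$3
private_hub_username=$4
private_hub_password=$5
# Empty or missing $6 falls back to the default mirror.
docker_mirror=${6:-pooj3a7i.mirror.aliyuncs.com}

: "${containerd_version:?containerd version must not be empty}"
: "${kubernetes_version:?kubernetes version must not be empty}"
: "${private_hub:?private image registry must not be empty}"
: "${private_hub_username:?private image registry username must not be empty}"
: "${private_hub_password:?private image registry password must not be empty}"

# printf (not `echo -e`) keeps backslashes in the password literal, and -w0
# turns off GNU base64's 76-column wrapping, which would otherwise embed a
# newline in the credential for long user:password pairs.
private_hub_auth=$(printf '%s:%s' "$private_hub_username" "$private_hub_password" | base64 -w0)

#######################################
# Write and run the IPVS module loader script used by kube-proxy's ipvs mode.
# Modules absent from the running kernel are skipped (modinfo probe).
# Globals:  none
# Outputs:  /etc/sysconfig/modules/ipvs.modules
#######################################
enable_ipvs() {
  mkdir -p /etc/sysconfig/modules
  # Quoted delimiter: the generated script keeps its own ${...} expansions.
  cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack ip_vs_fo"
for kernel_module in ${ipvs_modules}; do
    if /sbin/modinfo -F filename "${kernel_module}" > /dev/null 2>&1; then
        /sbin/modprobe "${kernel_module}"
    fi
done
EOF
  chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules
}

#######################################
# Install the Kubernetes sysctl profile and apply it.
# Outputs:  /etc/sysctl.d/k8s.conf
#######################################
apply_sysctl() {
  cat > /etc/sysctl.d/k8s.conf <<'EOF'
fs.inotify.max_user_watches = 89100
## RHEL only
fs.may_detach_mounts = 1
fs.file-max = 52706963
fs.nr_open = 52706963

vm.swappiness = 0
vm.overcommit_memory = 1
vm.panic_on_oom=0
vm.max_map_count = 2560000

net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 2
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3

net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fastopen = 3
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
## modprobe br_netfilter
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
## modprobe nf_conntrack
net.netfilter.nf_conntrack_max = 2310720
EOF
  # Keys that the running kernel lacks only produce warnings here.
  sysctl --system
}

#######################################
# Add the docker-ce repo and install the pinned containerd.io package.
# Globals:  containerd_version (read)
# Returns:  exits 1 via die if the install fails
#######################################
install_containerd() {
  yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  yum makecache fast
  yum -y install "containerd.io-${containerd_version}" || die "install containerd... failed"
}

#######################################
# Generate /etc/containerd/config.toml: systemd cgroups, private registry
# mirror for k8s.gcr.io images, docker.io mirror and registry credentials.
# Globals:  private_hub, private_hub_auth, docker_mirror (read)
# Returns:  exits 1 via die if add_containerd_config.py fails
#######################################
configure_containerd() {
  printf '%s\n' overlay br_netfilter > /etc/modules-load.d/containerd.conf
  modprobe overlay
  modprobe br_netfilter
  mkdir -p /etc/containerd
  containerd config default > /etc/containerd/config.toml
  # Registry names are spliced into sed patterns unescaped; fine for plain
  # hostnames, would break on values containing '#', '&' or '\'.
  sed -i "s#k8s.gcr.io#${private_hub}/google_containers#g" /etc/containerd/config.toml
  sed -i '/containerd.runtimes.runc.options/a\ \ \ \ \ \ \ \ \ \ \ \ SystemdCgroup = true' /etc/containerd/config.toml
  # Resolved from the current working directory; presumably writes the
  # registry auth section for private_hub — confirm against that script.
  python add_containerd_config.py "$private_hub" "$private_hub_auth" || die "config containerd... failed"
  sed -i "s#https://registry-1.docker.io#https://${docker_mirror}#g" /etc/containerd/config.toml
  systemctl daemon-reload
  systemctl enable containerd
  systemctl restart containerd
}

#######################################
# Configure the Kubernetes yum repo (aliyun mirror) and install the pinned
# kubelet/kubeadm/kubectl packages.
# Globals:  kubernetes_version (read)
# Outputs:  /etc/yum.repos.d/kubernetes.repo
# Returns:  exits 1 via die if the install fails
#######################################
install_kubernetes() {
  # gpgcheck=1 verifies each package signature against the keys listed in
  # gpgkey, not only the repo metadata (repo_gpgcheck); without it a tampered
  # package served by the mirror would install silently.
  cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
  yum install -y "kubelet-${kubernetes_version}" "kubeadm-${kubernetes_version}" "kubectl-${kubernetes_version}" || die "install kubelet... failed"
}

#######################################
# Point crictl at the containerd socket and enable kubelet at boot.
#######################################
enable_kubelet() {
  crictl config runtime-endpoint unix:///run/containerd/containerd.sock
  systemctl enable kubelet
}

main() {
  enable_ipvs
  apply_sysctl
  install_containerd
  configure_containerd
  install_kubernetes
  enable_kubelet
}

main "$@"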
